CVE-2022-24440 in cocoapods-downloaderinformazioni

Riassunto

di MITRE • 01/04/2022

The package cocoapods-downloader before 1.6.0, from 1.6.2 and before 1.6.3 are vulnerable to Command Injection via git argument injection. When calling the Pod::Downloader.preprocess_options function and using git, both the git and branch parameters are passed to the git ls-remote subcommand in a way that additional flags can be set. The additional flags can be used to perform a command injection.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Responsabile

Snyk

Prenotare

24/02/2022

Divulgazione

01/04/2022

Moderazione

accettato

CPE

pronto

EPSS

0.02713

KEV

no

Attività

molto basso

Fonti

Do you know our Splunk app?

Download it now for free!